Symantec Endpoint

Started by burghman, December 12, 2008, 06:41:43 PM

Previous topic - Next topic

burghman

More often than not, Process Lasso is lowering priority of SEP processes (rtvscan.exe, coh32.exe).  Unfortunately, this is a corporate laptop running a managed SEP client.  Each time PL touches these processes, SEP logs a tampering alert to SEP management server.  Our SEP administrator is not amused.

Is there any way to avoid this nuisance problem other than excluding SEP processes from PL control?

Jeremy Collake

I could add them to the hard-coded list of exclusions, that would solve the problem without users having to manually exclude those processes. I need to create a way to allow this 'hard-coded' list to be edited though, so will add these exclusions along with that capability. What I'll probably do is simply populate the exclusion list with a set of default values.

If time permits, I'll make this change in the next beta series. Thanks
Software Engineer. Bitsum LLC.

burghman

Might want to rethink that automatic exclusion idea.  These are processes that scream for throttling.  It is only the users running managed clients that might get an unfriendly visit from their SEP admin.  Users of unmanaged installations should have the option of excluding the processes or not.

Jeremy Collake

#3
Ah, ok. Thanks for the additional information, I'll definitely not add them to the default exclusions then.

As for restraining them without triggering the alarm, which was probably the intent of your question that I missed: You could try utilizing the foreground process priority class and thread boosting features. This would increase the difference between the foreground process priority class and the SEP processes, without having to touch the SEP processes. It isn't as ideal a solution, but may improve the system responsiveness.

You could also use default priorities to achieve a similar boosting effect on all/other application processes, when desirable.

Software Engineer. Bitsum LLC.